External storage is something a lot of users don’t think about much. For consumers, straightforward uses include file backups, transferring saved games, having a media collection to alleviate boredom on long journeys, or perhaps a bit of extra storage for a laptop with limited internal SSD capacity.
In general, thanks to the advent of fast external SSD drives such as Kingston XS2000, and much improved modern USB transfer speeds, including the latest USB 3.2 Gen2x2 standard which can fly along at 2,000 MB/sec, you’re not sacrificing much in terms of performance by using an external disk.
But things become slightly more complicated when you consider another common use case – using USB drives and external storage to transfer work between home and the office. This has become part of daily life for many of us who are now working on a hybrid timetable, with days in and out of the office each week. However, work data is often a lot more sensitive than, for example, a saved game in Football Manager or a collection of personal media. Depending on the data you have stored on the drive, there could be more serious consequences if you lose it when it’s in transit.
For a start, any kind of personal customer data is now protected by law through GDPR regulation, with organisations facing fines for misusing it. Work data used for projects may also be tied to unreleased business plans that could lead to leaking company secrets. Likewise, spreadsheets may reveal internal company information that you would rather not share.
The solution seems fairly straightforward – simply ensure any drive used for work documents is encrypted with a high-end encryption algorithm, and protected with a password, using free encryption software either built into MacOS or Windows or perhaps with a third-party software supplier. But this isn’t secure enough for every situation.
In many environments, such as healthcare, finance, military and telecommunications, absolute data security is a business priority. In health, additional regulation in the UK, EU and US is designed to prevent the disclosure of patient information, stipulating that unauthorised users must be prevented from viewing it, including when kept on local or remote storage. In finance, an accidental leak of a simple excel spreadsheet could lead to enormous monetary losses. Customer data held by telecommunications companies may make it easy for cybercriminals to target those individuals.
Relying on individuals to encrypt their own data exposes a number of risks. What if they forget to use the encrypted drive and instead use a personal unencrypted one? What if they use the drive in a computer at home that has malware on it that records password entry? Can the password be hacked with a brute force attack that guesses millions of passwords very quickly? Can the drive itself carry malware that infects computers in the workplace? In security-conscious environments, these problems need solutions.
The IronKey approach
IronKey was a secure storage company known for developing military-grade encryption products, which was acquired by Kingston Technology in 2016. It has now grown to become one of the most trusted names in secure storage for business and consumer use. The IronKey range is built around the 256-bit Advanced Encryption Standard (AES) with different levels of FIPS certification, which means lab-tested security that adheres to documented standards.
IronKey secure storage drives use hardware-based encryption that works independently of a host computer. It is designed to solve the problems of software encryption by preventing typical attacks that could easily expose data, therefore making it better suited for the aforementioned environments where data security is a top priority.
Hardware-based encryption means the encrypting and decrypting of data is performed on a separate process built into the drive itself, and no encryption keys are stored on the host computer. That has numerous advantages. It means data is kept safe if the host computer is compromised with malware. It offloads the computing requirements of encryption from a host processor and it takes some of the effort away from the user, making mixups in drive usage less likely.
Kingston’s new VP80ES hardware-encrypted SSD and VP50 hardware-encrypted USB flash drive offer FIPS-197 certification, which stipulates how a security algorithm is implemented to offer guaranteed data protection.
For example, IronKey avoids brute force password guessing attacks by placing a limit on the number of password attempts that can be made. If that number is exceeded then either the drive is locked (which requires the drive to be managed by an administrator, who has a master unlock password) or the data on it is crypto-erased and then gone forever.
With VP80ES, having a touch-screen panel on the drive, and in VP50, a password entry screen that uses a virtual keyboard means both key loggers and screen loggers will not be able to record passwords.
VP80ES even scrambles the digits and rows of alphabet keys upon every login, which mitigates a relatively simple method of guessing passwords by looking at fingerprints and smudges on the screen.
IronKey also prevents BadUSB attacks. This term refers to injecting malware into a host computer that has been embedded in modified USB firmware. These attacks circumvent anti-virus software, which isn’t able to detect viruses in something as low-level as the computer’s firmware, and since just about every computer in the world now has USB ports, a lot of systems are vulnerable.
Digitally-signed firmware in IronKey avoids this problem – by guaranteeing a check against any changes to the device’s firmware. If an attempt is made to replace the firmware with modified code, the controller will detect it and prevent access to the drive.
While these features are perhaps not required to keep saved games safe when transporting them to a friend’s house to use in their Xbox, the need to keep data protected with strong encryption is greater than ever, with more potential cyber-attacks and efforts to steal organisations’ information.
Given the potential costs associated with data loss, stolen USB sticks and leaked information, the small additional outlay associated with upgrading to robust and secure hardware-encrypted storage such as Kingston IronKey could be money well spent.